CVE-2025-24984

MediumCISA KEVActive Exploitation

Published: 11 March 2025

Published

11 March 2025

Modified

27 October 2025

KEV Added

11 March 2025

Patch

—

CVSS Score 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0283 86.3th percentile

Risk Priority 31 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24984 is a medium-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 13.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AU-9 (Protection of Audit Information) and PE-3 (Physical Access Control).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Remediates the specific flaw in Windows NTFS that inserts sensitive information into the log file, eliminating the vulnerability as recommended in Microsoft's update guide.

PE-3 Physical Access Control good match

prevent

Enforces physical access controls to prevent unauthorized attackers from gaining the physical access required to disclose sensitive information from the NTFS log file.

AU-9 Protection of Audit Information good match

prevent

Protects the log file containing sensitive information from unauthorized access, directly mitigating disclosure risks.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

The vulnerability causes sensitive information to be logged in an NTFS log file, enabling an attacker with physical access to collect confidential data directly from the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

Deeper analysisAI

CVE-2025-24984 is a vulnerability in the Windows NTFS file system that involves the insertion of sensitive information into a log file, classified under CWE-532. Published on 2025-03-11, it carries a CVSS v3.1 base score of 4.6 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting a medium-severity issue where sensitive data exposure occurs via physical means.

An unauthorized attacker with physical access to the affected system can exploit this vulnerability with low attack complexity, requiring no privileges, user interaction, or scope changes. Exploitation enables high-impact disclosure of confidential information from the log file, without impacting integrity or availability.

Microsoft's update guide addresses mitigation for CVE-2025-24984 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24984.

Details

CWE(s): CWE-532
KEV Date Added: 11 March 2025

Affected Products

microsoft

windows 10 1507

≤ 10.0.10240.20947 · ≤ 10.0.10240.20947

microsoft

windows 10 1607

≤ 10.0.14393.7876 · ≤ 10.0.14393.7876

microsoft

windows 10 1809

≤ 10.0.17763.7009 · ≤ 10.0.17763.7009

microsoft

windows 10 21h2

≤ 10.0.19044.5608

microsoft

windows 10 22h2

≤ 10.0.19045.5608

microsoft

windows 11 22h2

≤ 10.0.22621.5039

microsoft

windows 11 23h2

≤ 10.0.22631.5039

microsoft

windows 11 24h2

≤ 10.0.26100.3403

microsoft

windows server 2012

all versions, r2

microsoft

windows server 2016

≤ 10.0.14393.7876

+4 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2025-24991Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-26633Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-24985Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-24993Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-24054Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-21391Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-59230Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-24990Same product: Microsoft Windows 10 1507both on KEV

CVE-2025-21418Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-21510Same product: Microsoft Windows 10 1607both on KEV

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984
Patch, Vendor Advisory · secure@microsoft.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24984
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0